How Fraud Attacks on Bitcoins Are Changing

Fraudsters are finding new ways to steal Bitcoins as the crypto-currency evolves.

Bitcoin has taken a lot of criticism this year because of vulnerabilities to hackers, particularly after the Mt. Gox exchange was hacked. Bitcoin offers some big advantages for hackers looking to steal the virtual currency from legitimate owners because it’s an easy way to move money globally and anonymously. This has made Bitcoins a juicy target from the beginning, and fraud attacks on the crypto-currency Last year numbered 8.3 million, according to research from Kaspersky Lab. And as Bitcoin starts to mature, the ways that hackers are taking advantage of it are evolving as well, says Roel Schouwenberg, principal security researcher at Kaspersky.

Until now most attacks targeting Bitcoin have fallen into two categories: attacks that infect computers with malware to mine Bitcoins for the attackers’ profit, and attacks that aim to steal existing Bitcoins from users’ wallets, Schouwenberg notes. But the first type of attack is growing less profitable. The more Bitcoins that have already been mined means that each new batch Bitcoin is worth less and less.

“It looks like attackers are less and less interested in mining Bitcoins. Unless they can get a lot of computers to do it for them [it’s not worth it],” Schouwenberg explains.

The only computers worth attackers’ interests for this type of scheme would be high-end gaming computers, Schouweberg adds. But Kaspersky also has seen a recent development where fraudsters are infecting network attached storage devices, although again it would take a large number of infected devices to make it worth the attackers’ effort. With the return on investment decreasing for this type of attack, Schouwenberg says that he expects fraudsters to start looking for other crypto-currencies that they can attack this way.

The majority of attacks (70%, according to Kaspersky Lab) fall into the second category where the attacker steals Bitcoins from a user’s wallet. These kinds of attacks will probably increase as mining new Bitcoins becomes less profitable, Schouwenberg says. This means that Bitcoin holders should start keeping their Bitcoins in a safe place - in other words, one that isn’t connected online, he advises.

“Once you trade Bitcoins on an exchange you should immediately transfer them to a ‘cold wallet’ that is completely offline,” Schouwenberg suggests. “Make a copy of it, put it on a USB device and put it in a safe.”

Another new type of attack could be emerging, Schouwenberg says, now that hackers know how vulnerable Bitcoin exchanges can be. “We’ve seen DDoS attacks hit [Bitcoin] exchanges and then when the exchange was hit, trading would change. So we could see a rise in attacks where the fraudsters are hitting an exchange looking to manipulate the trading to their profit.”

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio